BUG FIX! - fixes error that could allow ANY file on the system to be read!
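<?PHP // $Id$
      // Serves a file from the data directory ($CFG->dataroot).
      // Syntax: file.php/courseid/dir/.../dir/filename.ext
      //
      // The path to serve is taken from the request.  It is therefore resolved
      // to a canonical path and only sent when that path (a) is a regular file,
      // (b) lies inside the data directory and (c) sits under the directory
      // matching the course id that the access check below was made for.

    require("config.php");
    require("files/mimetypes.php");

    $lifetime = 86400;   // cache lifetime advertised to clients, in seconds (one day)

    // NOTE(review): $file and $PATH_INFO are not assigned anywhere in this script;
    // presumably they arrive as request-populated globals - confirm in config.php.
    if (isset($file)) {     // workaround for situations where / syntax doesn't work
        $PATH_INFO = $file;
    }

    if (empty($PATH_INFO)) {
        // error() is defined elsewhere; presumably it ends the request - confirm.
        error("This script DEPENDS on PATH_INFO being available. Read the README.");
    }

    $args     = get_slash_arguments();
    $numargs  = count($args);
    $courseid = (int)$args[0];

    $course = get_record("course", "id", $courseid);

    // Login is only demanded when a course record was found and it has a category.
    // Guarding on $course avoids dereferencing a failed lookup.
    if ($course && $course->category) {
        require_login($courseid);
    }

    // it's OK to get here if no course was specified

    // The last slash argument ends up in a response header below, so line breaks
    // and NUL bytes are stripped to keep it from splitting or truncating the header.
    $filename = str_replace(array("\r", "\n", "\0"), "", $args[$numargs-1]);

    $mimetype = mimeinfo("type", $filename);

    // Canonicalise before use: realpath() collapses "." / ".." segments and
    // symlinks, and returns false when the target does not exist.
    $pathname = false;
    $dataroot = realpath($CFG->dataroot);
    $resolved = realpath("$CFG->dataroot$PATH_INFO");

    if ($dataroot !== false && $resolved !== false && is_file($resolved)) {
        // Compare against "dataroot/" (with separator) so that a sibling
        // directory sharing the same name prefix does not pass the check.
        $prefix = rtrim($dataroot, "/\\") . DIRECTORY_SEPARATOR;

        if (strncmp($resolved, $prefix, strlen($prefix)) == 0) {
            $relative = explode(DIRECTORY_SEPARATOR, substr($resolved, strlen($prefix)));

            // The access decision above was made for $courseid, so the file that
            // is actually served must live under the directory with that id.
            // NOTE(review): assumes $args[0] is the first path segment of
            // $PATH_INFO, as the syntax comment at the top says - confirm in
            // get_slash_arguments().  Course directories that are symlinks to a
            // location outside dataroot are refused by the containment check.
            if ((int)$relative[0] == $courseid) {
                $pathname = $resolved;
            }
        }
    }

    if ($pathname !== false) {
        $lastmodified = filemtime($pathname);

        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
        header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
        // NOTE(review): the standard directive is spelled "max-age=N"; as written
        // caches will likely ignore this header and fall back to Expires.  Files
        // behind require_login() are also sent without "private" - confirm that
        // shared caches storing them is acceptable.
        header("Cache-control: max_age = $lifetime"); // a day
        header("Pragma: ");
        header("Content-disposition: inline; filename=$filename");
        header("Content-length: ".filesize($pathname));
        header("Content-type: $mimetype");
        readfile($pathname);
    } else {
        // Missing files and paths refused by the checks above get the same
        // answer, so the response does not reveal which check failed.
        error("Sorry, but the file you are looking for was not found", "course/view.php?id=$courseid");
    }

    exit;
?>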